Tuesday, April 24, 2007

Exchange 2007 Update Rollup 1 Available

Microsoft released Exchange 2007 Update Rollup 1 this month, available at http://support.microsoft.com/?kbid=930809. The Exchange team said Rollups would appear every 6 to 8 weeks. Exchange 2007 Rollup 1 isn't quite a Service Pack -- meaning it doesn't include any new functionality. However, the quality and amount of testing is far superior to traditional hotfixes.

This 29MB(!) package includes fixes for Public Folder replication and backups. The update fixed an issue I was having where my Exchange backups were failing because the VSS provider was taking too long.

It's interesting to note that the update takes several minutes to prepare itself for installation, even after it offers to let you continue. The update itself took about 15 minutes to apply. Just be patient.


Tuesday, April 17, 2007

Update for Outlook 2007 Performance Issues

Microsoft just released an update for Outlook 2007 that addresses performance issues, especially for users with large OSTs. http://support.microsoft.com/kb/933493. Several of my customers have installed the update and say their Outlook appears to be "snappier".

Microsoft also provides general guidance on how to work around performance issues for users with large PSTs or OSTs: http://support.microsoft.com/kb/932086. Guidance ranges from "reduce the size of your mailbox" to "don't use cached mode". I love it. Aren't these the features being touted in Outlook and Exchange 2007?


Log into OWA 2007 with a Default Domain

Customers with Exchange in a single domain usually ask how to change OWA so users can log in using just a username instead of domain\username. This was problematic in Exchange 2003 because of the DS2MB background process, but simple to do in Exchange 2007.
  • Open Exchange Management Console
  • Expand Server Configuration
  • Select Client Access and click the Outlook Web Access tab
  • Select owa (Default Web Site) and click the Properties action
  • Click the Authentication tab
  • Under Use forms-based authentication, select User name only
  • Click Browse and select the domain name
  • Click OK
  • Run IISRESET /NOFORCE to restart IIS and enforce the change

Or, even easier using PowerShell:

Set-OWAVirtualDirectory -Identity "owa (default web site)" -LogonFormat username -DefaultDomain companyabc.com

Then run IISRESET /NOFORCE to restart IIS and enforce the change.

Note that this will automatically change the logon page to display the new logon requirements.
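
The same change with a before/after check, as an added example that is not part of the original post. It assumes the Exchange Management Shell is running on the Client Access server itself; the server name EX01 and the domain companyabc.com are placeholders to substitute.

```powershell
# Added example: run in the Exchange Management Shell on the Client Access server.
# $Server and $Domain are assumptions; substitute your own values.
$Server = 'EX01'
$Domain = 'companyabc.com'

# Get-OwaVirtualDirectory also returns the legacy /Exchange and /Public
# directories, so keep only the Exchange 2007 OWA ones.
$vdirs = @(Get-OwaVirtualDirectory -Server $Server |
    Where-Object { $_.OwaVersion -eq 'Exchange2007' })
if ($vdirs.Count -eq 0) {
    throw "No Exchange 2007 OWA virtual directory found on $Server"
}

# Record the current settings so the change can be reverted if needed.
$vdirs | Select-Object Identity, FormsAuthentication, LogonFormat, DefaultDomain |
    Format-Table -AutoSize

foreach ($vdir in $vdirs) {
    # LogonFormat applies to the forms-based logon page, so skip
    # directories where forms-based authentication is not enabled.
    if (-not $vdir.FormsAuthentication) {
        Write-Warning "$($vdir.Identity): forms-based authentication is off, skipping."
        continue
    }
    Set-OwaVirtualDirectory -Identity $vdir.Identity `
        -LogonFormat UserName -DefaultDomain $Domain
}

# Re-read the configuration and confirm the change was stored.
$notApplied = @(Get-OwaVirtualDirectory -Server $Server | Where-Object {
    $_.OwaVersion -eq 'Exchange2007' -and $_.FormsAuthentication -and
    ($_.LogonFormat -ne 'UserName' -or $_.DefaultDomain -ne $Domain)
})
if ($notApplied.Count -gt 0) {
    $notApplied | Format-Table Identity, LogonFormat, DefaultDomain -AutoSize
    throw "LogonFormat/DefaultDomain was not applied to the directories listed above"
}

# Restart IIS so the logon page picks up the new settings.
iisreset /noforce
```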


Monday, April 16, 2007

Eating My Own Dog Food

This weekend I upgraded my home production domain from Windows 2003 R2 (x32) and Exchange 2003 to Windows 2003 R2 SP2 (x64) and Exchange 2007. My goal was to pretend I was at a customer site and had to migrate this environment successfully to the new hardware.

My home production equipment consisted of a single Dell 4600 all-in-one box. It was a W2K3 R2 Enterprise domain controller with SP1, which also ran Exchange 2003 Enterprise SP2 and served as a DNS, WINS, WWW and file server. The server had a single Intel 2.8GHz HT CPU, 2GB of RAM and a 160GB hard drive. My replacement server is a Dell E521 with an AMD Athlon 64 Dual-Core, 4GB of RAM and a 250GB hard drive.

Since I am still limiting myself to a single physical server, I decided to use VMware to virtualize most of my environment. All servers will run Windows Server 2003 R2 (x64) with SP2. The host server (GATEWAY) will be a workgroup server running Exchange 2007 Edge Server and VMware Workstation. The two virtual servers are DC01, a domain controller/DNS/WINS server, and EX01, an Exchange 2007 server with the Hub Transport, Client Access, and Mailbox roles. My LAN is connected to the Internet via a Netgear wireless router/firewall, as per the following diagram.

First I installed x64 Windows Server 2003 R2 Enterprise SP1 on GATEWAY and used the Microsoft Update site to install SP2, IE7, ADAM (required for Exchange Edge server) and all the critical updates. SP2 installs the Windows firewall by default, so I disabled it. Then I installed VMware Workstation 5.6. I chose Workstation since ESX will not recognize SATA drives and GSX only allows one snapshot per VM.

Next I created a base image VM using x64 Windows Server 2003 R2 Enterprise, upgraded to SP2, IE7 and all the critical updates, and disabled the firewall. I use this image to base all my servers on, which makes provisioning future servers a breeze.

I then created two new linked clone servers, DC01 and EX01 and joined them to the domain. I promoted DC01 to a domain controller and installed DNS and WINS. I installed IIS, .NET Framework 2.0 and 3.0, and the necessary patches on EX01 in preparation for Exchange 2007. I took a snapshot of both servers at this point and then began to install Exchange 2007.

Here's where it gets interesting. The Exchange 2007 setup has a lot of logic and workflow built into it. You pretty much install the DVD, answer a few questions and let it run. Setup will check that the server meets the prerequisites and pre-qualifies the environment to ensure a smooth installation. In theory. The installation went happily along updating the schema, preparing the domain and installing the server roles. But as it was installing the Hub Transport role it errored, saying that the disk could not be read and to try setup again later. It did not offer a "retry" button. The trouble turned out to be a smear of what I can only guess was macaroni and cheese on the DVD. Kids. Gotta love 'em.

So, I cleaned off the DVD and ran setup again. Now setup said that the Hub Transport role was not installed properly and to remove it first. Trouble is, neither setup nor the Exchange Management Console (EMC) shows that any roles have been installed, so I can't uninstall it. I'll spare you the gory details, but I tried uninstalling it using PowerShell, the switches in setup, and reverting to my snapshot. No good. I then used ADSI Edit to remove the Exchange Administrative Group (FYDIBOHF23SPDLT) and Exchange Routing Group that setup automatically creates in a mixed mode environment. This let me run setup again, but now I got an error complaining that Exchange Administrative Group (FYDIBOHF23SPDLT) was missing. I recreated both the AG and RGC on the Exchange 2003 side (I had to use ADSI Edit again to rename the AG using the parentheses) and tried again. Success!

After I ensured that I had mail flow between the E2K3 and E2K7 servers, I installed the Edge Server role and Microsoft ForeFront (antivirus/antispam) on GATEWAY. This created a new RGC to the Internet on GATEWAY. I then created an EdgeSync subscription and tested it. I moved the mailboxes to EX01 and successfully tested OWA and Outlook.

Now to put it into production. I have one MX record published on the Internet for inbound email. My firewall allows SMTP port 25 and HTTP port 80 traffic to WWW (x.x.x.50). I reconfigured WWW to use a different address and configured GATEWAY to use x.x.x.50. I successfully tested inbound and outbound email and that my web pages worked properly from GATEWAY. I then reconfigured my firewall to forward SSL port 443 to EX01. Exchange setup automatically configures OWA on the CAS role to use SSL. I used ts.cco.com to look back into my OWA and successfully tested email again.

The final step was to decommission my old DC/Exchange 2003 server. There are a few steps I needed to do in Exchange 2007, such as re-home the OAB, replicate Public Folder content, etc. After that, it was simply a matter of deleting the RGCs to the Exchange 2003 AG, deleting the old AG itself, and uninstalling Exchange 2003. I'm pleased to say that the customer is very satisfied. :)

I learned a lot through this entire process. Highlights are:
  • Dog food is delicious.
  • Ensure your media is OK. Keep sticky fingers and food away! I was surprised at this, since setup copies the binaries to the local hard drive and re-compiles them.
  • Microsoft put a lot of work into the install process, but it's not perfect. I would imagine I would have had the same problem if the DVD was ejected during setup.
  • Never give up. I could have always used exmerge and rebuilt my domain, but few customers would accept this.
  • 64-bit hardware, lots of RAM and VMware are "good things"
  • Giving 512MB to my virtual DC and 2GB to my virtual Exchange Server yields respectable performance
  • Since VM Workstation won't start as a service, I enabled auto-logon on GATEWAY and wrote a script that launches and runs my VM team
  • Microsoft Forefront is still a Sybari product with Microsoft stickers on it (needs work)
